Orchestration 4

Strata

Acquired

Strata Identity pioneered the "Identity Orchestration" category, letting enterprises connect and migrate across incompatible identity providers (Okta, Azure AD, Ping) without rewriting apps, via its Maverics platform and abstraction "identity fabric." Distinctive for authoring open standards (IDQL/Hexa) and cross-IdP failover — the capability that drove its 2026 acquisition by Rubrik.

Acquired by Rubrik (2026) — now Rubrik Identity Continuity.

Series B · $26M · 2023 (total ~$42M); acquired by Rubrik 2026
Rubrik acquires Strata.io to power Identity Continuity failover

Readibots

Active

Readibots (Kanata, Ontario; formerly Cloudbridge) builds READI, an Automation-as-a-Service platform that connects and automates identity tasks across legacy, non-API, and disconnected apps that IGA connectors can't reach. Distinctive for PowerShell-native "start-anywhere" identity automation positioned as a connectivity layer beneath existing IGA, not a replacement.

Monokee

Active

Monokee is an Italian IAM vendor pairing access management and governance with a low/no-code visual identity orchestrator for workforce and customer identities. Distinctive for drag-and-drop orchestration flows, FIDO/passwordless focus, and decentralized-identity support; a KuppingerCole Rising Star now expanding to the US via subsidiary Pure Identity Corp.

Simeio

Active

Simeio (Alpharetta, GA) is an identity-security managed-services and advisory firm delivering IAM/IGA/PAM implementation plus its own Identity Orchestrator (IO) platform and managed IDaaS. Distinctive for combining vendor-agnostic advisory, implementation, and 24/7 managed operations at enterprise scale.

Authorization 3

SGNL

Acquired

SGNL builds a continuous, context-aware authorization platform that enforces zero standing privilege and real-time access decisions (using CAEP) for humans, non-human identities, and AI/MCP agents across SaaS and cloud. Distinctive for dynamic session-level authorization and revocation; acquired by CrowdStrike to power Falcon Next-Gen Identity Security.

Acquired by CrowdStrike (~$740M, Jan 2026).

Acquired by CrowdStrike · ~$740M · 2026
CrowdStrike to acquire SGNL for ~$740M for the AI era

PlainID

Active

PlainID (Tel Aviv / New York) is an enterprise authorization vendor built on Policy-Based Access Control (PBAC), centralizing runtime access decisions across apps, APIs, data, and now agentic AI. Distinctive for defining the "Authorization Management Platform" category Gartner now tracks, with fine-grained externalized policy and an agentic identity platform.

Series C · $75M · 2021 (led by Insight Partners)
PlainID launches Policy 360° for full access-policy lifecycle

Axiomatics

Acquired

Axiomatics (founded 2006, Stockholm) is a pioneer of dynamic, runtime fine-grained authorization based on attribute-based access control (ABAC) for apps, data, APIs, and microservices. Distinctive as the leading European ABAC/policy-driven Zero Trust vendor; acquired by Italian defense group Leonardo to anchor its NATO-focused Zero Trust portfolio.

Acquired by Leonardo (2025) for NATO Zero Trust portfolio.

Acquired by Leonardo · 2025 (terms undisclosed)
Leonardo completes acquisition of Axiomatics for Zero Trust

Identity Security 8

ConductorOne

Active

ConductorOne is a Portland/San Francisco identity security company founded in 2020 by former Okta product leaders, offering an AI-native platform that unifies identity governance (IGA), access management, and cloud PAM. Distinctive for a consolidation play — hundreds of prebuilt connectors and a modular stack aimed at replacing fragmented legacy tools, now extended to non-human and AI-agent identities.

Series B · $79M · 2025 (total >$100M)
ConductorOne raises $79M Series B for AI-native identity security

Veza

Acquired

Veza is a Redwood Shores identity security company founded in 2020 whose platform goes beyond IGA to visualize and control entitlements across human, machine, and AI identities. Its distinctive core is the patented Access Graph, mapping who-can-do-what across data systems, cloud, and SaaS to enforce least privilege — the technology acquired by ServiceNow.

Acquired by ServiceNow (~$1.25B; announced Dec 2025, closed Mar 2026).

Acquired by ServiceNow · ~$1.25B · 2026 (last round Series D $108M at ~$808M)
ServiceNow to acquire Veza's AI-native identity security platform

Zilla Security

Acquired

Zilla Security, founded by serial IGA entrepreneur Deepak Taneja (ex-Aveksa), built a modern SaaS-based IGA platform designed from scratch for cloud/SaaS sprawl. Its distinctive edge is AI-generated entitlement profiles and robotic "Universal Sync" automation that cut access-review effort up to 80%; acquired by CyberArk in February 2025.

Acquired by CyberArk ($175M, Feb 2025).

Acquired by CyberArk · $175M ($165M cash + $10M earn-out) · 2025
CyberArk acquires Zilla Security to reshape modern IGA

YouAttest

Active

YouAttest is an Irvine, California company offering a lightweight, cloud-based IGA tool focused specifically on automating user access reviews and access-certification campaigns for compliance. Its distinctive angle is fast time-to-value and low cost via tight cloud-to-cloud integrations with IdPs like Microsoft Entra ID and Ping Identity, rather than a heavyweight suite.

BalkanID

Active

BalkanID is an Austin, Texas startup (founded 2021) offering an AI-powered access governance and IGA platform built around a patent-pending identity knowledge graph for visualizing entitlements across SaaS and public cloud. Its distinctive focus is intelligent least-privilege enforcement and entitlement discovery across human, non-human, and AI-agent identities.

Seed · $8.1M · 2022

Andromeda Security

Active

Andromeda Security is a San Francisco/Los Altos startup delivering an AI-powered identity security platform for human and non-human identities, spanning discovery, access, risk context, and remediation. Its distinctive approach is a data-driven, context-aware architecture that automates entitlement right-sizing and just-in-time access across the full identity lifecycle.

Seed · ~$7M · 2024–2025 (Sorenson Capital, Pathlight)
Andromeda Security secures strategic investment from Sorenson Capital

Orchid Security

Active

Orchid Security is an Israel/NYC startup (founded Dec 2023, out of stealth Jan 2025) building an identity-first security orchestration platform that uses LLMs to discover applications and assess their authentication/authorization flows without recoding. Its distinctive claim is illuminating enterprise "identity dark matter," with early Fortune 500 customers and a 2025 Gartner Cool Vendor nod.

Seed · $36M · 2025 (Intel Capital, Team8)
Orchid Security raises $36M seed to fix fragmented identity with LLMs

Lumos

Active

Lumos is a San Francisco company (founded 2020) that began as an internal "AppStore" for self-service app/access requests and grew into an autonomous identity platform that discovers and manages access across all of an organization's apps. Its distinctive positioning merges SaaS management and identity governance, increasingly driven by AI agents ("Identity Agent Force") for continuous access governance.

Series B · $35M · 2024 (Scale Venture Partners, a16z; total ~$65M)

OG 7

SailPoint

Public

SailPoint is an enterprise identity security (IGA) leader focused on governing access for human, machine, and now AI-agent identities across complex hybrid environments. Its distinctive edge is a mature, AI/ML-driven identity governance platform (Atlas / Identity Security Cloud) with deep policy, certification, and lifecycle capabilities at Fortune 500 scale.

Re-IPO'd on Nasdaq (SAIL), Feb 2025.

Public (Nasdaq: SAIL)
SailPoint prices upsized IPO at $23, returns to Nasdaq as SAIL

Saviynt

Active

Saviynt is a cloud-native identity security platform unifying identity governance, privileged access, non-human/AI-agent identity, and identity security posture management in one converged product. Its distinctiveness is a single-platform, "identity as the foundation for the AI era" approach that collapses traditionally separate IGA and PAM tooling.

Raised $700M (KKR-led, Dec 2025) at ~$3B valuation.

$700M growth round · KKR-led · Dec 2025 (~$3B valuation)
Saviynt raises $700M in KKR-led round at ~$3B valuation

Radiant Logic

Active

Radiant Logic runs an identity data platform (RadiantOne) that unifies fragmented identity data from legacy, cloud, and non-human sources into a single authoritative layer with identity security posture management. Its distinctive niche is being the "identity data fabric" — virtualization, observability, and now AI/MCP-driven remediation beneath the IAM stack.

Private (TA Associates-backed)
Radiant Logic launches AI-driven remediation to cut identity attack surface

CyberArk

Acquired

CyberArk is the market leader in privileged access management and machine/secrets identity security, and as of February 2026 operates as the identity security core of Palo Alto Networks. Its distinctiveness is deep PAM plus a broad machine-identity and secrets portfolio now folded into Palo Alto's platform to secure human, machine, and agentic identities.

Acquired by Palo Alto Networks (~$25B, closed Feb 2026) — now PANW's identity core.

Acquired by Palo Alto Networks · ~$25B · closed Feb 2026 (formerly Nasdaq: CYBR)
Palo Alto Networks completes $25B acquisition of CyberArk

Ping Identity

Active

Ping Identity is an enterprise identity provider (merged with ForgeRock) covering workforce and customer IAM, SSO, MFA, and orchestration for large regulated organizations. Its distinctiveness is a highly configurable, orchestration-driven platform (PingOne) with strong deployment flexibility and, increasingly, runtime agent authorization and anti-deepfake defenses.

Private (Thoma Bravo-owned; acquired 2022 for $2.8B)
Thoma Bravo refinances Ping Identity debt, saving millions in interest

CIAM 3

Strivacity

Active

Strivacity is a low-code customer identity and access management (CIAM) vendor built to stand up branded sign-in, registration, and access journeys without custom coding. Its distinctive angle is speed-to-deploy for mid-market and enterprise CIAM, plus a built-in generative-AI assistant for real-time journey and compliance guidance.

$28M total raised (Series A2 $20M, SignalFire-led)
Strivacity accelerates global momentum with partner-first strategy

Stytch

Acquired

Stytch is a developer-focused authentication and identity API platform for passwordless, MFA, fraud prevention, and B2B auth. Its distinctive contribution is early agentic-identity infrastructure — Connected Apps and remote MCP authorization that let AI agents act securely on a user's behalf — the capability behind its November 2025 acquisition by Twilio.

Acquired by Twilio (announced Oct 2025; closed Nov 14, 2025).

Acquired by Twilio · 2025
Twilio completes acquisition of Stytch, identity for humans and AI agents

Non-Human Identity 4

Astrix Security

Acquired

Astrix is a pioneer in non-human identity (NHI) security, giving enterprises visibility, lifecycle management, and automated remediation for API keys, service accounts, and AI agents across SaaS, cloud, and on-prem. Founded in Tel Aviv; Cisco announced intent to acquire it in 2026 to fold NHI security into Identity Intelligence, Duo, and Secure Access.

Acquired by Cisco (~$250–350M reported, announced 2026).

Series B · $45M · 2024 (acquired by Cisco, 2026)
Cisco announces intent to acquire Astrix Security

Natoma

Acquired

Natoma builds an enterprise gateway for the Model Context Protocol (MCP), giving AI agents governed, identity-aware access to a library of out-of-the-box tools and enterprise systems. Founded in 2024 by veterans from Okta, Microsoft, Google, and Salesforce; Snowflake announced intent to acquire it in 2026 to govern agentic access to enterprise data.

Acquired by Snowflake (announced May 2026).

Seed · $7M · 2024 (acquired by Snowflake, 2026)
Snowflake announces intent to acquire Natoma

Oasis Security

Active

Oasis Security built one of the first purpose-built platforms for non-human identity management, discovering, classifying, and governing service accounts, API keys, and workloads across hybrid cloud with policy-driven lifecycle and remediation. Founded in 2022; backed by Sequoia and Accel and distinctive for framing NHI governance as an emerging "Agentic Access" discipline.

Series B · $120M · 2026
Oasis Security raises $120M to secure non-human identities across AI and cloud

Emerging 4

Beyond Identity

Active

Beyond Identity is a passwordless, phishing-resistant authentication platform that replaces passwords with device-bound X.509 certificates, cryptographically binding a user's identity to their device for un-phishable MFA. Founded in 2019; reached a $1.1B valuation and is extending hardware-enforced, TPM-backed security into the AI era.

Series C · $100M · 2022 (total $205M)

Opal Security

Active

Opal Security is an AI-native access governance platform giving security teams real-time visibility, policy-as-code, and just-in-time least-privilege control over every identity — employees, service accounts, and AI agents — in a single access graph. Distinctive for Paladin, an AI engine that auto-evaluates access requests and escalates only those needing human review.

$23M · 2026 (total $59M)
Opal Security raises $23M for AI-native identity governance

PAM 5

BeyondTrust

Active

BeyondTrust is a global leader in privileged access management (PAM) and identity security, protecting "Paths to Privilege" across privileged accounts, sessions, and endpoints. Distinctive for an integrated PAM platform spanning human, machine, and AI-agent identities, and a seven-consecutive-year Leader placement in the Gartner Magic Quadrant for PAM.

PE-owned — Francisco Partners (2018), Clearlake Capital investment (2021)
BeyondTrust named a Leader in the 2025 Gartner Magic Quadrant for PAM (7th year)

StrongDM

Acquired

StrongDM (now part of Delinea) is a universal/zero-trust privileged access platform built for engineering, DevOps, and AI-driven environments. Distinctive for proxy-based, just-in-time runtime authorization that injects ephemeral credentials into developer workflows across databases, Kubernetes, SaaS, and cloud without disrupting them.

Acquired by Delinea (closed Mar 2026).

~$96M total; $34M Series C (2024). Acquired by Delinea, closed Mar 2026
StrongDM acquisition by Delinea completed to unify PAM and JIT authorization

Netwrix

Active

Netwrix is a cybersecurity vendor focused on data and identity threats, offering visibility, auditing, and privileged access controls across hybrid environments. Distinctive for a broad, acquisition-built portfolio (Auditor, 1Secure ITDR, Privilege Secure) unifying data security and identity threat detection and response for mid-market and enterprise IT.

PE-backed (TA Associates; Centerbridge Partners)
Netwrix 1Secure ITDR October 2025 release adds Entra ID and Okta recovery

Movers